Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

REST API - Unauthorized error

av2214
New Member
‎04-09-2020 09:41 AM

I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-use-rest-api-without-curl.html

I can obtain the session key but on using that, I still get an unauthorized error when trying to pull results of a search.

I am going through a proxy server to make my request and avoid CORS issues. Any pointers woul dbe appreciated.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-12-2020 05:49 AM

Have you set the splunk admin user/password? If you're using the default, you can't authenticate with the rest endpoints. A UNiversal forwarder behaves this way at least...

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-10-2020 04:15 AM

Doesn't appear you're setting the authorization header correctly in the 2nd example. Use the same xhdr method you used in the first example but set it with "Authorization: Splunk AUTHTOKEN"

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-10-2020 04:15 AM

beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Splunk' + authtoken);

0 Karma
Reply

serenalekh
New Member
‎04-10-2020 10:28 AM

Tried this as well. Still Giving a 401. FYI, these API calls are going through the browser - using client side JS.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-10-2020 11:51 AM

Did you look at your request with packet sniffing or software proxy like fiddler by telerik?

Something is wrong with your post. It's that simple. Otherwise you wouldn't get 401.

Is there a space in the header between Splunk and token?

0 Karma
Reply

serenalekh
New Member
‎04-10-2020 12:06 PM

No spaces, Yes i did try to check the request but everything looked fine

0 Karma
Reply

serenalekh
New Member
‎04-09-2020 02:21 PM

The session key is being used to make a POST call to create a job and a GET call to retrieve the results of that job.,,The session key is being used to make a POST call to create a search and then make a GET call to get the search results.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-09-2020 11:13 AM

How are you using the session key?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-09-2020 03:51 PM

An example of your POST please...

0 Karma
Reply

serenalekh
New Member
‎04-09-2020 09:33 PM

Here's the example

$.ajax({
url: url,
type: "POST",
contentType: "application/json",
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Basic' + btoa("username:password"));

0 Karma
Reply

serenalekh
New Member
‎04-09-2020 09:39 PM

Instead of passing the username and password if the session key (obtained a login POST call) is passed in this manner :
$.ajax({
url: url,
type: "POST",
contentType: "application/json",
"Authorization": "Splunk " + sessionkey,
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',

still throws a 401

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Mile High Learning with Splunk University, Denver, Colorado

If Denver is known for its mile-high elevation, Splunk University is about to raise the bar on technical ...

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...